Lucene search
K

312516 matches found

OSV
OSV
added yesterday3 views

MAL-2026-10515 Malicious code in nodemon-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3f5aa35dd34f3c1d075d6ebee3f25a0445780f6f2c78d55a958868e530fe315 nodemon-web copies the source of the popular nodemon package verbatim and reuses Remy Sharp's author metadata and the...

6.1AI score
Exploits0References2
OSV
OSV
added yesterday3 views

MAL-2026-10447 Malicious code in remarkable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 464cab930bcf948abf49517f78a3ee1abb8b89c8f9c90f199bd3446c902d8e1e The package's preinstall script runs index.d.js, which reconstructs the identifier 'eval' from a character-code array 101,118,97,108 and base64-decod...

6.2AI score
Exploits0References2
OSV
OSV
added yesterday3 views

MAL-2026-10431 Malicious code in @tailwind-ts/eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8feb6293e6f7cb00a6c6ab82e6d04f8eae29e846ae0abb8a1d65e2cdfbbc9c7 Package is published as an ESLint plugin for Tailwind CSS v4, but the shipped code implements unrelated Polymarket Kelly stake math and a postinstall...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in @nsub/nitxe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b16147b7ac55d6c4cc4e042be73e6d49fc7232e8a03f406fecd034cdd27bf0eb The package's declared npm postinstall script collects the installer's username os.userInfo.username, hostname os.hostname, platform, and the entire...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in tipsen-poc-again (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0977477bc81c656f52fb981657983580b411dda6d2c6766ba4d6a35fe4ae970 package.json declares its sole runtime dependency safe-chain-test as an HTTPS tarball URL pointing at a trycloudflare.com quick-tunnel host...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in another-poc-by-tipsen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1bd73ac39644da27df81fcbc6540647d0f13d77419a07997a8ca0a2baa6164e package.json declares a dependency safe-chain-test sourced from a tarball URL on an anonymous Cloudflare tunnel host...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in tipsen-last (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8dda277dd82e1c50906cff18341bb76485eed33ba42d39b228c447514e4081f package.json declares its only runtime dependency "safe-chain-test" as a direct tarball URL on hoped-twice-evaluation-site.trycloudflare.com — an...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden222 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c141ada78ccdede0bb49a76d998fcf07eb4cc60c58cce5fdc1b5933b85a817d The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in abuden217 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42fce03517a0e7a241f99d0ce806a5bb90a4f70b083a2997c80868f3bc37d4b4 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden226 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8a4986d9e75be69083a7905e5ef5e4558e17fe8b9f15777a9cd692c882b9d6b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden227 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 424eb4c5daef762a3d9dd8a50b397d64812466368d7b044d4f65679e02659d83 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden225 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1055fc13dd3381055731dec99548ae360bcbf6263ffea25b8e89e49f43c9fb05 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden211 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b56fab3567bb384777773b6a1a1793f1842ae69d9937268e4c6d837072f51ac The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in sixseven9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1ed9c23f2c82d9e91d783110274aff10788de9e0e9a783964702ea26c7b1cc4 The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden230 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2234aab0cda39685bbdd725de23c50e6e6b78ca85d8ae3c48dc0577287406f65 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden214 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bdbebaa72ae71aae5482f3726a6be11649402b33365104e2fbf39f1db624137 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden228 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b15ded0c14059932e82f8e56f2b6d6fb13ebe2da3b51d3e17e048044e9266716 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in sixseven10 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21936e53270838d4901646de1e1c3eef9212055032d3cead428cbf3bfd60b9ed The package declares no install/postinstall/preinstall lifecycle scripts, and its declared main is sw.js — a browser ServiceWorker that uses...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden220 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5db7640be1dad05b49efcd772335edd1d23af2473f60abc8104719377761f272 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in abuden219 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1de0c667d7c3cbfd4c96728443db8ac059d53487498341bd937cf2aaf738574a The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
Rows per page
Query Builder